a) Find buffer overflow bug and fix it. b ) Exploit Laboratory Exercises In the

Question

a) Find buffer overflow bug and fix it.

b) Exploit Laboratory Exercises

In the followings, you are required to analyze vulnerabilities of the above program and write exploits. An exploit is a tool, for example, a piece of software, a chunk of data, or a sequence of commands, which takes advantage of a bug or vulnerability to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized). Such behavior frequently includes things like gaining control of a computer system, allowing privilege escalation, or a denial-of-service attack.

In addition to buffer overflow, do you think that there are other software vulnerabilities? _________ (Yes/No)

Explain and elaborate your answer. In other words, for any vulnerability you discover in the above code, you have to provide a detailed technical analysis of the vulnerability and give an exploit to demonstrate how you compromise the above application. Also, you have to give one solution to mitigate the attack caused by each vulnerability and explain how.

Please provide the solution for a and b seperate with more details for each fix.

#include

#include

int main(int argc, char *argv[]) {

int i;
char buf[100];

char firstname[30]; char lastname[30]; char jobtitle[80]; char email[80]; char phone[15]; char company[80];

char buffer[500]; char* copyright; char *cstr; size_t needed; int n;

// We are passing command line argument to buf if there is one if(argc>=2) {

strncpy(buf, argv[1], 100);

printf(buf); }

copyright = getenv("COPYRIGHT");

printf("Welcome to Company Registration "); if (copyright!=NULL) {

needed = snprintf(NULL, 0, "echo © %s", copyright); cstr = malloc(needed+1);
snprintf(cstr, needed+1, "echo © %s", copyright); system(cstr);

free(cstr); } else {

system("echo © 2018"); }

printf("Please fill out the registration form by answering questions below "); printf("First name:");
gets(firstname);

printf("Last name:"); gets(lastname);

printf("Job title:"); gets(jobtitle);

printf("Email:"); gets(email);

printf("Phone:"); gets(phone);

printf("Company:"); gets(company);

printf(" Your Registration Information is: "); printf("First name:%s ",firstname); printf("Last name:%s ",lastname);
printf("Job title:%s ",jobtitle); printf("Email:%s ",email); printf("Phone:%s ",phone); printf("Company:%s ",company);

n=sprintf (buffer, "echo %s firstname,lastname,jobtitle,email,phone,company);

i = system(buffer);

return 0; }

Explanation / Answer

here is your code with embedded answer in the form of comments : ------------>>>>>>>>

#include<stdio.h>
#include<stdlib.h>
int main(int argc, char *argv[]) {
int i;
char buf[100];
char firstname[30]; char lastname[30]; char jobtitle[80]; char email[80]; char phone[15]; char company[80];
char buffer[500]; char* copyright; char *cstr; size_t needed; int n;
// We are passing command line argument to buf if there is one
if(argc>=2) {
strncpy(buf, argv[1], 100);
printf(buf); }
copyright = getenv("COPYRIGHT");
printf("Welcome to Company Registration ");
if (copyright!=NULL) {
needed = snprintf(NULL, 0, "echo © %s", copyright);
cstr = (char *)malloc(needed+1);
snprintf(cstr, needed+1, "echo © %s", copyright);
//here if you able to change the copyright string then you can call any system function
system(cstr);
free(cstr); } else {
system("echo © 2018"); }
printf("Please fill out the registration form by answering questions below "); printf("First name:");
//here you can do buffer overflow attack
//because gets function simply copies the content of the key board
//sequentially from the address passed as argument and do not check the bound
fgets(firstname,30,stdin);
//here you can use fgets function to avoid bufferoverflow
printf("Last name:");
//here you can do buffer overflow attack
//because gets function simply copies the content of the key board
//sequentially from the address passed as argument and do not check the bound
fgets(lastname,30,stdin);
//here you can use fgets function to avoid bufferoverflow
printf("Job title:");
//here you can do buffer overflow attack
//because gets function simply copies the content of the key board
//sequentially from the address passed as argument and do not check the bound
fgets(jobtitle,80,stdin);
//here you can use fgets function to avoid bufferoverflow
printf("Email:");
//here you can do buffer overflow attack
//because gets function simply copies the content of the key board
//sequentially from the address passed as argument and do not check the bound
fgets(email,80,stdin);
//here you can use fgets function to avoid bufferoverflow
printf("Phone:");
//here you can do buffer overflow attack
//because gets function simply copies the content of the key board
//sequentially from the address passed as argument and do not check the bound
fgets(phone,15,stdin);
//here you can use fgets function to avoid bufferoverflow
printf("Company:");
//here you can do buffer overflow attack
//because gets function simply copies the content of the key board
//sequentially from the address passed as argument and do not check the bound
fgets(company,80,stdin);
//here you can use fgets function to avoid bufferoverflow
printf(" Your Registration Information is: "); printf("First name:%s ",firstname); printf("Last name:%s ",lastname);
printf("Job title:%s ",jobtitle); printf("Email:%s ",email); printf("Phone:%s ",phone); printf("Company:%s ",company);
n=sprintf(buffer, "echo %s firstname,lastname,jobtitle,email,phone,company");
i = system(buffer);
return 0; }

Related Questions

Navigate

• Browse (All)
• Browse A
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.